In recent years, outbreaks of self-propagating malicious code (“worms”) have frequently plagued public networks, even penetrating well-protected enterprises. Worms have evolved from relatively rare nuisance applications into one of the best-recognized information-based global security threats. To combat this problem, there has been a surge of research into techniques for recognizing worms and defending networks against emerging epidemics. To date, however, no single approach has proven completely effective in containing the propagation of worms, because many different kinds of worms exist (e.g., variable-speed random-scan worms and topology-based worms), employing many different infection strategies.
Thus, there is a need in the art for a method and apparatus for combating malicious code.